Ransomware Expenses Add Up Quickly for Healthcare Institutions

Plenty of people think that cyber criminals target careless individuals or corporations with questionable practices. The unfortunate truth is that these malicious individuals do not discriminate in the slightest. Hackers have attacked a number of healthcare providers over the past couple of months. CareFirst BCBS, Premera Blue Cross, Hollywood Presbyterian Medical Center and an array of other healthcare institutions have all suffered at the hands of cyber thieves.

Hackers view healthcare organizations as easy targets for a variety of reasons. These institutions typically have considerable cash assets yet they do not have to deplete their cash reserves to win the battle of public perception. Healthcare organizations provide a service that rarely, if ever, needs to be advertised as few patients are unhappy with services rendered. As a result, healthcare organizations can build wealth rather quickly and hackers have taken notice. Furthermore, healthcare institutions house extremely valuable patient records. The information in these documents can be sold for a nice chunk of change on the black market. Add in the fact that the typical hospital uses an electronic medical record system that represents a single point of failure if compromised and it is easy to see why hackers have zeroed in on these institutions.

The Financial Implications of a Healthcare Hack

If you were to interview Hollywood Presbyterian executives regarding the healthcare provider’s recent hack, they would testify that it transpired in a manner similar to that of a B-list cyber thriller flick. Hollywood Presbyterian had to shell out $17,000 in order to regain access to its computer systems as well as its highly sensitive digital medical records following a ransomware attack. Ransomware locks an organization out of its computer network until a specific sum of money is paid in bitcoin. Unfortunately, the $17,000 ransom paid by Hollywood Presbyterian was only the tip of the iceberg in terms of the breach’s total cost.

The Cost of a Forensic Investigation of a Healthcare Organization’s IT Systems

Healthcare companies require the services of computer forensics experts to determine exactly which data was compromised by unauthorized users. The services of these digital forensics experts are also necessary to pinpoint vulnerabilities and guard against future breaches. These digital detectives must also determine exactly how hackers accessed the system in the first place. This labor is not cheap, nor can the work be done in a short period of time. Hacks like ransomware require extensive analysis that takes considerable time, effort and resources. A thorough computer forensic investigation can cost between $100 and $600 per hour. The exact cost hinges on the type and number of systems involved as well as how difficult it is to recover evidence.

Healthcare providers that suffer cyber attacks like the recent wave of ransomware hacks must shell out a substantial amount of money for their negligence. These organizations are forced to pay HIPAA fines as a result of hackers’ unauthorized access to patient personal health information. These fines range from $10,000 to $25,000 per violation. They top out at $1 million per year. If it is determined that patient health information was wrongfully disclosed, fines can reach the $50,000 mark. Parties found to be negligent face up to one year in prison to boot. Healthcare companies also face the potential of patient lawsuits as a result of their failure to protect this sensitive information.

The Resulting Overhaul of IT Security is Quite Expensive

Any healthcare provider that is hacked by cyber criminals will go to great lengths to rectify its electronic safeguards. Such an IT security and digital infrastructure overhaul does not come cheap. Also, consider the fact that Hollywood Presbyterian was forced to transfer patients to an array of other local medical centers in the aftermath of the ransomware hack. Those transfers negatively impacted the company’s bottom line.

Learn a Lesson From the Recent Rash of Healthcare Industry Cyber Attacks

Do not let Hollywood Presbyterian’s nightmare of a cyber attack happen to your organization. If your company relies on non-encrypted communication tools to share patient health information and/or e-mail, changes will be necessary. Such non-encrypted tools should be either completely eliminated or significantly minimized to safeguard the integrity of your system. Be proactive and ally with an experienced team of cyber security aficionados. The time to take preventative action is now. A group of highly skilled cyber security gurus will identify weaknesses in your IT infrastructure, regularly update your organization’s IT systems, back up your data and take other important steps to prevent a nasty cyber attack. The bottom line is that a hack has the potential to financially cripple any type of business. Add in the fact that a cyber attack can erode customer trust and it is easy to see why so many healthcare providers are growing increasingly paranoid over their cyber security.